CVE-2010-4398

Published: Dec 6, 2010Modified: Apr 21, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Affected (9)

Products: Microsoft: Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp

5 products

Windows Server 2003

Windows Server 2008

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (27)

http://isc.sans.edu/diary.html?storyid=9988

Source: cve@mitre.org

ExploitIssue Tracking

http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/42356

Source: cve@mitre.org

Broken LinkVendor Advisory

http://support.avaya.com/css/P8/documents/100127248

Source: cve@mitre.org

Third Party Advisory

http://twitter.com/msftsecresponse/statuses/7590788200402945

Source: cve@mitre.org

Not Applicable

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/

Source: cve@mitre.org

Broken LinkExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/15609/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/529673

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/45045

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1025046

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2011/0324

Source: cve@mitre.org

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011

Source: cve@mitre.org

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162

Source: cve@mitre.org

Broken Link

http://isc.sans.edu/diary.html?storyid=9988

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/42356

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://support.avaya.com/css/P8/documents/100127248

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://twitter.com/msftsecresponse/statuses/7590788200402945

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/15609/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/529673

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/45045

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1025046

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2011/0324

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4398

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.